Macromedia: Flash is secure

[InfoSec News <isn () C4I ORG>]

http://www.zdnet.com/zdnn/stories/news/0,4586,2672473,00.html

By Reuters
January 8, 2001 3:53 PM PT

Macromedia Inc. on Monday said its own tests have shown there is no
risk that its popular Flash multimedia player could allow a computer
virus to be sent to attack the computers of Internet users.

The popular Flash software allows digital artists and Web designers to
create short animated movies and cartoons, which can be downloaded and
viewed by Internet users.

Last week, a software engineer posted a message to a popular security
Web site, Bugtraq (www.securityfocus.com), claiming that the program
could allow a malicious program to be sent down the pipe to users'
PCs.

In response to that report, Macromedia said it conducted extensive
testing of its software last week, but concluded that there is no
security loophole.

A security bug in Flash could be devastating due to the software's
near-ubiquity--some 96 percent of all personal computers accessing the
Internet have some version of Flash installed, according to
Macromedia.

Microsoft Corp.'s popular Outlook email program was the instrument for
the whirlwind spread of the Love Letter virus, which was estimated to
have hit 45 million computers on a single day in May.

Macromedia said a Flash movie could be created to intentionally cause
the software residing on users' PCs to crash, but that no other
programs--including viruses--can be sent to exploit it.

"This is simply a software crash, not a security issue," said Peter
Santangeli, vice president of engineering at San Francisco-based
Macromedia. "Flash is a constrained environment by design. You'd never
get the (virus) to work."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".